77
To do… Use the command…
Remarks
Use the ACL to control user
login by source and
destination IP addresses
acl [ ipv6 ] acl-number { inbound |
outbound }
Required
inbound: Filters incoming telnet
packets.
outbound: Filters outgoing telnet
packets.
Configuring source MAC-based login control over telnet users
Ethernet frame header ACLs can match the source MAC addresses of packets, so you can use Ethernet
frame header ACLs to implement source MAC-based login control over telnet users. Ethernet frame
header ACLs are numbered from 4000 to 4999. For more information about ACL, see the ACL and QoS
Configuration Guide.
Follow these steps to configure source MAC-based login control over telnet users:
To do… Use the command…
Remarks
Enter system view system-view —
Create an Ethernet frame header
ACL and enter its view
acl number acl-number
[ match-order { config | auto } ]
Required
By default, no advanced ACL
exists.
Configure rules for the ACL
rule [ rule-id ] { permit | deny }
rule-string
Required
Exit the advanced ACL view quit —
Enter user interface view
user-interface [ type ] first-number
[ last-number ]
—
Use the ACL to control user login
by source MAC address
acl acl-number inbound
Required
inbound: Filters incoming telnet
packets.
NOTE:
The above configuration does not take effect if the telnet client and server are not in the same subnet.
Source MAC-based login control configuration example
Network requirements
As shown in Figure 23, configure an ACL on the Device to permit only incoming telnet packets sourced
from Host A and Host B.